We are facing a bug with our ASA 5500 series (version 8.5.26) and the Internet explorer when the users connect to ssl vpn and they are not able to connect to the network resources like their PCs and the Cisco port forwarder keep asking for its installation
We already updated the ASA version installed in the user's computers the Microsoft kill bit patch.
We have Wireless Setup and facing the latency issue for Wireless users , Wireless Controller is 2504 and AP are of 3600 Series .Even we stand below the AP , latency is in range of 19 to 20 ms , while client has Autonomous setup , so when he shifts the connectivity to Autonomous Setup he get latency is range 2 to 8 ms which is good then WLC setup...
While Testing We made the Single AP on which is integrated with WLC and check the Latency , but in these senario also it range from 19 to 20 ms ... ( Also sametime all Autonomous AP's were Off )
I am attaching the show techsupport to resolve the issue and tell me what fine tunning can be done to resolve the latency issue.
We recently implement WLC 5500 Series, I found out guest user once period of that user expired it will not appear at lobbyadmin page where you can see list of users.
Is there any way to see expired guest users and also IP address which assign to guest user?
Is it possible for the wlc (5500) block wireless users attempting to login to the network more than 3 times?I have several devices trying to connect to the network automatically using rhe old password, after 3 attempts the account will lock out! Im running peap mschapv2 with radius and active directory.
View 1 Replies View RelatedI used the following commands to limit users on my wireless network (WLC 5500) and a Nexus 7000. The previous cisco doc only covers the 6500 and some commands have changed. Tested and working except the PIR gives an error, post up if you know why, otherwise enjoy!
Note Wireless Network assumed to be 172.21.0.0/16.Note This will limit each wireless user to 1 MbpsNote The PIR (Peak Infomation rate, also know as burst) is ignored in following commands, unknown at this time why.Create ACLs:
ip access-list acl-wireless-downstream 10 permit ip any 172.21.0.0/16 ip access-list acl-wireless-upstream 10 permit ip 172.21.0.0/16 any class-map type qos match-all class-wireless-upstream match access-group name acl-wireless-upstreamclass-map type qos match-all class-wireless-downstream match access-group name acl-wireless-downstreampolicy-map type qos police-wireless-upstream class class-wireless-upstream police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate droppolicy-map type qos police-wireless-downstream class class-wireless-downstream police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop
1.Apply police-wireless-upstream on the incoming port from the controller.
interface port-channel130 description *** LAG for WLC1 *** switchport mode trunk switchport trunk allowed vlan 80,130,255,600 service-policy type qos input police-wireless-upstream
2.Apply policy-wireless-downstream on the uplink LAN/WAN ports.
interface port-channel101 description *** L3 Port Channel to Core VDC *** no switchport service-policy type qos input police-wireless-downstream ip address 10.70.10.18/30 ip router eigrp 10
what is the ideal timeout for users when no activity is performed while connected to network via wireless
-WLC model 5500
-AP model 1200 series
users get disconnected every 15mins when machine is Ideal and where do i see this option.
I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
I have a Cisco 2801 with two DSL cards that are both routing to the internet, with NAT to the private LAN interface. I am using IP SLA and route maps to accomplish this load balancing. I have rsolved most of the issues that come with this setup, but I still have a major issue: I cannot SSH into both of the WAN addresses, only one. I have included whqat I think is the most relevant config info.
#sh run
! ........some info omitted........!
!
[Code].....
I have on 7200 series router with NPE-G1 module which is facing high CPU utilization. I have not found any particular process causing this high CPU utilization as it is caused due to interrupts. I have already enabled fast switching by "ip cef" command. Please suggest how to normalize the utilization as it is impacting the network and causing slowness. Please find below the output of show process cpu and also find attached the show tech of the device. Also let me know if any other output is required.
[CODE]...
Facing issue with ACE module Part#ACE20-MOD-K9 having NP failed error message and module got restarted.
Module software currently# c6ace-t1k9-mz.A2_1_6a.bin
We have studied the Support Community document and got the BUG id's information having impact on this module, BUG id's: CSCsv92321, CSCsx25981, CSCsq38638
Software version to upgrade for the ACE module having no impact on this ACE module by these BUG id's having parity error symptoms.
I have Cisco C881W-A-K9 wireless ruter that i want to configure with one SSID hiwever i am not able to achieve this . [code]
View 1 Replies View RelatedI'm trying to have a standard equipment for our POP deployment. Basically this edge router will connect to our customers and pass data and or voice traffic, capable of BGP and good enough to accomodate up to 4 clients.
We have on hand a 3845 Router, and ME3600X. The 3845 is EOS and replacement is 3945. The ME3600X is a fixed configuration so would you recommend a 3945 or a much higher model like a 7300.
We have a 1841 Cisco router for one of our remote sites and we have the GRE over IPSec tunnel on it (with our datacenter router) for the connectivity. The LAN facing interface becomes UP/Down (status 'UP', Protocol 'Down'). When I login the router and 'shut' and then 'no shut' the interface, the interface becomes UP and everything starts to work. Traffic starts to flow across it. But after some time, some hours or sometimes some days, the interface is again back to up/down status. The router is connected to a non-Cisco switch. I do see some CRC's increasing very slowly, but apart from that there seems nothing wrong with the interface in sho int fas0/0 command:
!
RTR01#sho int fas0/0
FastEthernet0/0 is up, line protocol is down
Hardware is Gt96k FE, address is 0026.cb91.ee48 (bia 0026.cb91.ee48)
[Code]....
setting up VPN IPSec with Cisco ASA 5505. I've managed to successfully setup VPN andcan connect to it from outside and browse securely to the outside/internet via tunnel. However, once I am connected to VPN, I cannot access any of my internal hosts/servers via VPN client.
!
hostname ciscoasa
enable password xxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
names
!
interface Ethernet0/0
[code]....
We are facing issue with highly frequent interface flaps on Cisco 4900M switch only for module WS-X4920-GB-RJ45. Strange thing is no complaint from the users/server teams for any traffic interruption.
Switch: Cisco WS-C4900M
Line card: WS-X4920-GB-RJ45
IOS image is cat4500e-ipbase-mz.122-53.SG4.bin
There are several other smilar model & linecard/inventory of switches with exactly same IOS image, however there are no issues with them.
When I tried with Security disabled, I could FTP and see my drive from an external network. However, once I rite & Security is enabled with write and read "" granted with a user profile created, the FTP Client has some error message; Could it be due to mode in FTP settings? (passive is set)
View 1 Replies View RelatedRegion : UnitedKingdom
Model : TD-W8968
Hardware Version : V1
Firmware Version : 120926
ISP :
Is it possible to turn off the web server facing the internet. When accessing my external ip address I am presented with the logon banner requesting user name and password together with the TP-Link name and model numbers. I would much prefer if I could switch this access and banner off.
I have a cisco wireless environment running NCS with a wism, two 4400's, and now two 5500's. The bulk of our AP's are 1131's, however we are now ordering and using 1142's and 3602's. We just added the 5500 controllers in preperation for a large deployment of 1142's. What I would like to do is have the system setup so that the the 1142's will default to the 5500 controllers. Since the wism and 4400 wont support the 3602's its not really an issue for them. I'm trying to find the best way to accomplish this. I've already heard one suggestion of manually going through and setting all the AP's to a primary and secondary controller but I was hoping to find a way to have the system do this for me.
View 5 Replies View RelatedI've ran into an issue that I haven't seen before. A client of mine has a WLC that manages AP's at several different sites on the East Coast. They are all connected via a multilinked T1x2 connection. One site in particular contains 7 AP's, and users at this site are unable to connect. The remaining sites have no issue at all connecting. I noticed that when users began reporting this that all AP's had failed interference profiles. Also, when I instruct a user to attempt a connection, I don't ever see their mac address come across a debug session on the controller, which I find odd. Is it possible that a neighboring business is sending deauth packets and containing my AP's?
The client is running code version 4.2.61.0.
I run a webserver that has worked fine for a while. Recently, I've been getting calls from people who say that the page is no longer pulling up. There were several reported cases, but no specifics. Finally I talked to someone today.He said they changed their ISP to AT&T U-Verse and that's when the problem started. When trying to go to our webpage, his browser times out. He has tried in Firefox, IE and even on the iPad, so it seems to be a router and/or ISP problem.I thought it might be a DNS server problem, but I changed it to Google's public DNS server,
View 4 Replies View RelatedI have a ASA5505 and setup SSL VPN. My users can connect to the VPN but can't get access to any of the internal servers.
View 3 Replies View RelatedA client of mine has a Cisco RV042 Router. I've configured it to run VPN and it works, sort of. Some clients can connect, others can't, for no discernible reason.
Specific machine issues are Windows 7 x64 or x86, Quick VPN latest release, unobtrusive (Avast or Microsoft Security Essentials) security, etc. 2 separate machines on the same home remote network, 1 can connect just fine, the other can't. My laptop (Win7 x64) connects just fine, one of my techs can connect OK, the IT support guy that works for this client can connect.
Particulars of the router: Firmware version: v4.0.4.02; PID VID : RV042 V03; Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aa
I have been tasked with attempting to setup an enviroment that allows users to VPN from home and use Dameware to connect, from home, to another machine in another users home that is VPN'd into the same network. Is this possible?
We are using 2 5520 ASA's and CiscoAnyConnect.
I have a wireless 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip. The request is passing by the wan in this way
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
perhaps i should use local deploy? The wireless is in the central site.
I have a RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem but if one is connected and the other tries connect also the second user gets a message the gateway is not responding. They are both running Win XP PRo SP3.
View 1 Replies View RelatedI have a RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem but if one is connected and the other tries connect also the second user gets a message the gateway is not responding. They are both running WinXPPRo SP3.
View 4 Replies View Relatedwhen I try to enable network internet connection on my computer it tells me that somebody else is using IP 192.168.0.1
View 2 Replies View Relatedis it possible to prevent the users with static IP's to connect the Network?We use Cisco sw 4500 series as an access and distribution switches.Is there any features on the switches that fit my request?
View 3 Replies View RelatedI have a Dell E6420 running WIN7 32bit. It is running the Dell broadband utility. I am trying to find a way to keep the users from selecting auto-connect in settings>config. I am looking for a registry key or something that can be done from the admin side to stop this.
View 3 Replies View RelatedHow to successfully manage to configure ACS 5.1 to accept log in request from a 5500 WLC?
I've managed to get it configured following the follow link [URL], but when I try to log in to the WLC using my ACS credentials I just get the log in screen again. I've checked the ACS logs and it says my username has passed the authentication process and it matches all the rules I've set. The only thing I've noticed is my "Privilege Level" is only 1 but I'm not sure if thats correct for a HTTP log in.
We have a WLC 5500 apliance, but i have a problem, the APs have a administrative IP in a diferent segment, only conected to WLC the AP have same segment of the management interface, the 5500 don´t have APmanager interface.How configurate the WLC to conected and administrate all AP with different segment IP
Product Version.................................. 6.0.182.0
chasis: AIR-CT5508-K9
Due to lack of address space, I have to go to NAT for our wireless guest users.Are there any limitation with WLC/NGS when comes to NAT?I have four 5500 WLCs, should I put them in 1 mobility group, at 2 different locations?
View 1 Replies View RelatedWe have a customer requirement of providing secure connectivity from Remote Office to HQSame time to provide certain level of layer 3 redundancy via secondary link should the primary link fail We are looking at ASA5500 series firewall for both Remote office and HQ.Can this be done?
View 3 Replies View Related